Nowadays, you can easily get a free SSL certificate but you have to manually/automatically renew it every 90 days.

To apply for a certificate, you have to verify your domain – either by email of your domain, place a file on your server (which can be public accessed), or modify the DNS record.

If your DNS has configured CAA records, you need to remove them or add specific records allowing a SSL provider to issue the certificates on your domain.

Once the certificates are issued, you will see the following files:

• ca_bundle.crt
• certificate.crt
• private.key

You need to combine two CRTs into one:

1

cat certificate.crt ca_bundle.crt >> certificate.crt

cat certificate.crt ca_bundle.crt >> certificate.crt

Then in Nginx server, add the following in server block:

listen   443;
ssl    on;
ssl_certificate    /etc/ssl/certificate.crt; 
ssl_certificate_key    /etc/ssl/private.key;

Last but not least, restart the nginx server.

1
2
3

sudo /etc/init.d/nginx restart
# or 
sudo service nginx restart

sudo /etc/init.d/nginx restart
# or 
sudo service nginx restart

To get free SSL/HTTPS certificates, you can choose one of the following:

• https://letsencrypt.org/
• https://sslforfree.com/

1 page view per second

–EOF (The Ultimate Computing & Technology Blog) —